October 7th, 2003:Verisign has obeyed
ICANN's demand to suspend the SiteFinder hijack. They're whining
like little bitches about how it's "stifling innovation," etc, but
at least they took that bastard service down. Whattya know - ICANN
showed their teeth. WOO!

Verisign has lost all trust and credibility with
this last escapade. I personally consider them untrustable,
and will never buy SSL certificates from them again, nor will I
ever register domains through their services. I recommend the same
to my customers. Wake up, Verisign - you do not own the
internet.

What happened?

What does this break?

September 15, 2003:
Verisign, the US Government-appointed corporation in charge of the
.com and .net top-level domains, added wildcard entries to both
the .com and .net zones. This action hijacked all unregistered
domain names in .com and .net, redirecting those
unregistered domain names to Verisign's own advertisement
servers. Verisign derives revenue from hits to these advertisement
servers in the form of paid advertising sold to other entities.

For example, if you accidentally type "www.ybhoo.com" into your
web browser, your connection will now be automatically redirected
to Verisign's SiteFinder service. You have no choice - Verisign
has removed that for their own financial gain. Be assured that
links you click on while on SiteFinder generate revenue for
Verisign - up to $150 million dollars, according to their own
estimates. All for spending nothing hijacking the global .com and
.net zones. Pretty handy.

Just for kicks, click on "Terms Of Use" at the bottom. Scroll
all the way to the bottom, and read #14. By mispelling a domain
name, suddenly Verisign thinks you're bound by their terms of
use agreement. How does that sit with you, knowing that
your misclick or mispelled domain suddenly "enters you into their
terms of service?" Is that legal? Do you agree with
each of their terms of service, for being redirected with no
choice?

How would you feel if your telephone company redirected all of
the wrong numbers you dial to a telemarketing firm? Perhaps, a
telemarketing firm that they themselves own? This is precisely
what Verisign has done. And you can't choose another Verisign.
Yet.

DNS troubleshooting. There is no longer a useful
way to instantly determine a mistake. Previously, your web
browser would return a "no such domain" error. Well, guess
what - now every single domain possible exists.
There are no domains that "don't exist." And Verisign "owns"
every single one not already registered. For free.

Certain types of spam filtering. Some spam
filtering softwares check for non-existant domain names, when
checking incoming mail. Guess what - all domains within the
.com and .net zones now exist... This method of filtering
has been subverted by Verisign's hijacking. Although, given
Verisign's past track record of selling contact data to
spammers (oops, sorry, "business affiliates" or "partner
sites"), this shouldn't surprise anyone - they're helping the
spammers get around filters.

Ethics. They just claimed millions of domain
names for themselves, for no charge, and they're raking in
the money because of it. They're removing all choice from
any internet user that attempts to communicate with a .com
or .net domain and mispells something. They are abusing the
trust placed in them by ICANN and the Federal Trade
Commission to maintain the .com and .net zones, and they're
thumbing their noses at them in the process.

Your trust. Security and privacy researchers have
already discovered code on SiteFinder that passes POSTed data
to a third party marketing agency. Ie, if you mistype a URL
that contains a username, or an email address, or anything
else that you'd rather not have public, it's being passed on
against your wishes. And you have no choice.

Privacy. They're also answering SMTP connections
for these nonexistant domains. Verisign says that they are
simply refusing the emails, but who knows what they're
logging? Are they collecting emails for spam lists? Will
we ever know?

Well, what can we do?

Do what I did - I just finished transferring my last domain
away from them, to a competing registrar. One that doesn't
consider themselves above the law, above question, or above
review. Personally, I'm guessing this sort of action is what
drove them to this level of lawlessness - customers are quite
simply pissed off with their incredible level of customer
disservice, their questionable (illegal?) business practices,
and their complete willingness to forget about ethics and go
right for the buck. Customers have been fleeing Verisign's
registration services like rats abandoning a sinking ship, so
they're becoming more and more desperate.

Customer service does matter, and Verisign hasn't
provided any of that for the past four years.

When it comes time to renew your SSL certificates, refuse to
do business with Verisign. They've breached the entire
internet community's trust by implementing these wildcards,
as well as continuing their shady business practices. They're
untrustable. Purchase your certs from someone else that you
can trust.